Groups; Traffic Grouped Per Ip Address - D-Link NetDefend DFL-210 User Manual

Network security firewall

10.1.9. Groups

reserved amount, 64 and 32 kbps, respectively, of precedence 2 traffic will reach std-in. SSH and
Telnet traffic exceeding their guarantees will reach std-in as precedence 0, the best-effort
precedence of the std-in and ssh-in pipes.
10.1.9. Groups
NetDefendOS provides further granularity of control within pipes through the ability to split pipe
bandwidth according to the packet's source or destination network, IP address, port or interface. This is
referred to as creating Groups, where the members of a group, sometimes called the users, can have
limits and guarantees applied to them. The most common usage of this division of traffic is to group
by IP or interface.
Figure 10.5. Traffic grouped per IP address
If grouping by port is used, this implicitly also includes the IP address, so that port 1024 of
computer A is not the same as port 1024 of computer B and individual connections are identifiable.
If grouping by network is chosen, the network size should also be specified (this has the same
meaning as the netmask).
A Simple Groups Scenario
If the total bandwidth limit for a pipe is 400 bps and we want to allocate this bandwidth amongst
many destination IP addresses so that no single IP address can take more than 100 bps of bandwidth, we
select "Per DestIP" grouping and enter the total limit for the grouping as 100 bps. Bandwidth is then
allocated on a "first come, first forwarded" basis, but no single destination IP address can ever take
more than 100 bps. No matter how many connections are involved, the combined total bandwidth
still cannot exceed the pipe limit of 400 bps.
Instead of specifying a total group limit, the alternative is to enable the Dynamic Balancing option.
This ensures that the available bandwidth is divided equally between all addresses regardless of how
many there are and this is done up to the limit of the pipe. If a total group limit of 100 bps is also
specified, as before, then no single user may take more than that amount of bandwidth.
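The scenario above, worked through as an added example that is not part of the manual and is not NetDefendOS code. It is a simplified model: the destination addresses and demands are constructed, "first come, first forwarded" is modelled as serving addresses in arrival order, and the way Dynamic Balancing re-divides bandwidth an address cannot use is an assumption of the model.

```python
# Simplified model of pipe grouping (added example, not NetDefendOS code).
# Demands are (dest_ip, wanted_bps) in arrival order; all values are constructed.

def first_come(demands, pipe_limit, group_limit=None):
    """No balancing: serve in arrival order, cap each IP at group_limit."""
    remaining, out = pipe_limit, {}
    for ip, want in demands:
        cap = want if group_limit is None else min(want, group_limit)
        out[ip] = min(cap, remaining)
        remaining -= out[ip]
    return out

def dynamic_balance(demands, pipe_limit, group_limit=None):
    """Equal split of the pipe; share an IP cannot use is re-divided
    among the others (max-min fairness, an assumption of this model)."""
    caps = {ip: want if group_limit is None else min(want, group_limit)
            for ip, want in demands}
    out = dict.fromkeys(caps, 0)
    active, remaining = set(caps), pipe_limit
    while active and remaining > 0:
        share = remaining / len(active)
        done = {ip for ip in active if caps[ip] <= share}
        if not done:                      # everyone can use a full share
            for ip in active:
                out[ip] = share
            break
        for ip in done:                   # satisfied below the share
            out[ip] = caps[ip]
            remaining -= caps[ip]
        active -= done
    return out

DEMANDS = [("10.0.0.1", 300), ("10.0.0.2", 300), ("10.0.0.3", 50),
           ("10.0.0.4", 80), ("10.0.0.5", 200), ("10.0.0.6", 200)]

if __name__ == "__main__":
    for label, result in [
        ("pipe limit only", first_come(DEMANDS, 400)),
        ("Per DestIP limit 100", first_come(DEMANDS, 400, 100)),
        ("dynamic balancing", dynamic_balance(DEMANDS, 400)),
    ]:
        print(f"{label:22}", result, "total =", sum(result.values()))
```

With only the pipe limit, the first two addresses consume all 400 bps; the per-address limit lets later addresses through, and balancing gives every active address a share.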
Note
Here, the ordering of the pipes in the return chain is important. Should std-in appear
before ssh-in and telnet-in, then traffic will reach std-in at the lowest precedence only
and hence compete for the 250 kbps of available bandwidth with other traffic.
Chapter 10. Traffic Management
